@0xtarafans and @i2huer
Produced by PNM x Narya Labs
We are focused on dissecting crypto/Web3 exploits in the real world
On March 20, 2022, LI.FI., a cross-chain bridge aggregation protocol was hacked with a loss of ~$600K. The attacker exploited a bug in the smart contract on Ethereum.
A functional PoC of the hack developed by PNM white hats
postmortem/2022/lifi at main ยท PwnedNoMore/postmortem
CBridgeFacet is the vulnerable smart contract that delegates the cross-chain token transfer requests to CBridge.
Supposing not having the targeted token (_cBridgeData.token
) to be transferred cross the chains, we can call the public function swapAndStartBridgeTokensViaCBridge()
of CBridgeFacet.
LibSwap.swap()